fkie_nvd - fkie_cve-2025-68212

fkie_cve-2025-68212

Vulnerability from fkie_nvd

Published

2025-12-16 14:15

Modified

2025-12-18 15:08

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmount_string() In statmount_string(), most flags assign an output offset pointer (offp) which is later updated with the string offset. However, the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the struct fields instead of using offp. This leaves offp uninitialized, leading to a possible uninitialized dereference when *offp is updated. Fix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code path consistent.

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36

Impacted products

	Vendor	Product	Version

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized \u0027offp\u0027 in statmount_string()\n\nIn statmount_string(), most flags assign an output offset pointer (offp)\nwhich is later updated with the string offset. However, the\nSTATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the\nstruct fields instead of using offp. This leaves offp uninitialized,\nleading to a possible uninitialized dereference when *offp is updated.\n\nFix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code\npath consistent."
    }
  ],
  "id": "CVE-2025-68212",
  "lastModified": "2025-12-18T15:08:06.237",
  "metrics": {},
  "published": "2025-12-16T14:15:54.140",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2025-68212 (GCVE-0-2025-68212)

Vulnerability from cvelistv5

Published

2025-12-16 13:57

Modified

2025-12-16 13:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized 'offp' in statmount_string() In statmount_string(), most flags assign an output offset pointer (offp) which is later updated with the string offset. However, the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the struct fields instead of using offp. This leaves offp uninitialized, leading to a possible uninitialized dereference when *offp is updated. Fix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code path consistent.

References

URL

Tags

	https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36
	https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b

Impacted products

Vendor

Product

Version

Version: e52e97f09fb66fd868260d05bd6b74a9a3db39ee
Version: e52e97f09fb66fd868260d05bd6b74a9a3db39ee
Version: d49c64c1d723c167f521833f429ab28d3ca7e0d9
Version: c3787a4fae66e710543137b4b1b073cb2bff3bca

Version: 6.14

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "acfde9400e611c8d2668f1c70053c4a1d6ecfc36",
              "status": "affected",
              "version": "e52e97f09fb66fd868260d05bd6b74a9a3db39ee",
              "versionType": "git"
            },
            {
              "lessThan": "0778ac7df5137d5041783fadfc201f8fd55a1d9b",
              "status": "affected",
              "version": "e52e97f09fb66fd868260d05bd6b74a9a3db39ee",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d49c64c1d723c167f521833f429ab28d3ca7e0d9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c3787a4fae66e710543137b4b1b073cb2bff3bca",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.14"
            },
            {
              "lessThan": "6.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.10",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.12.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.13.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized \u0027offp\u0027 in statmount_string()\n\nIn statmount_string(), most flags assign an output offset pointer (offp)\nwhich is later updated with the string offset. However, the\nSTATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP cases directly set the\nstruct fields instead of using offp. This leaves offp uninitialized,\nleading to a possible uninitialized dereference when *offp is updated.\n\nFix it by assigning offp for UIDMAP and GIDMAP as well, keeping the code\npath consistent."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T13:57:08.327Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/acfde9400e611c8d2668f1c70053c4a1d6ecfc36"
        },
        {
          "url": "https://git.kernel.org/stable/c/0778ac7df5137d5041783fadfc201f8fd55a1d9b"
        }
      ],
      "title": "fs: Fix uninitialized \u0027offp\u0027 in statmount_string()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68212",
    "datePublished": "2025-12-16T13:57:08.327Z",
    "dateReserved": "2025-12-16T13:41:40.256Z",
    "dateUpdated": "2025-12-16T13:57:08.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.